sdk/identity/Azure.Identity/README.md
29 additions & 20 deletions
Original file line number
Diff line number
Diff line change
@@ -192,8 +192,9 @@ Not all credentials require this configuration. Credentials which authenticate t
192
192
|-|-
193
193
|[`DefaultAzureCredential`][ref_DefaultAzureCredential]|Provides a simplified authentication experience to quickly start developing applications run in Azure.
194
194
|[`ChainedTokenCredential`][ref_ChainedTokenCredential]|Allows users to define custom authentication flows composing multiple credentials.
195
-
|[`ManagedIdentityCredential`][ref_ManagedIdentityCredential]|Authenticates the managed identity of an Azure resource.
196
195
|[`EnvironmentCredential`][ref_EnvironmentCredential]|Authenticates a service principal or user via credential information specified in environment variables.
196
+
|[`ManagedIdentityCredential`][ref_ManagedIdentityCredential]|Authenticates the managed identity of an Azure resource.
197
+
|[`WorkloadIdentityCredential`][ref_WorkloadIdentityCredential]|Supports [Azure AD workload identity](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes.
197
198
198
199
### Authenticate service principals
199
200
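Review bot: the added `WorkloadIdentityCredential` row relies on the reference-style link `[ref_WorkloadIdentityCredential]`, and no definition for that label appears in the hunks shown here (the final hunk's body is not visible). Please confirm the label is defined in the link reference list at the end of the README; without it the cell renders as literal bracket text. The reordering of `ManagedIdentityCredential` below `EnvironmentCredential` looks fine.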
@@ -218,24 +219,27 @@ Not all credentials require this configuration. Credentials which authenticate t
218
219
|Credential | Usage | Reference
219
220
|-|-|-
220
221
|[`AzureCliCredential`][ref_AzureCliCredential]|Authenticates in a development environment with the Azure CLI. | [Azure CLI authentication](https://learn.microsoft.com/cli/azure/authenticate-azure-cli)
221
-
|`AzureDeveloperCliCredential`|Authenticates in a development environment with the Azure Developer CLI. | [Azure Developer CLI Reference](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference)
222
+
|[`AzureDeveloperCliCredential`][ref_AzureDeveloperCliCredential]|Authenticates in a development environment with the Azure Developer CLI. | [Azure Developer CLI Reference](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference)
222
223
|[`AzurePowerShellCredential`][ref_AzurePowerShellCredential]|Authenticates in a development environment with the Azure PowerShell. | [Azure PowerShell authentication](https://learn.microsoft.com/powershell/azure/authenticate-azureps)
223
224
|[`VisualStudioCredential`][ref_VisualStudioCredential]|Authenticates in a development environment with Visual Studio. | [Visual Studio configuration](https://learn.microsoft.com/dotnet/azure/configure-visual-studio)
224
225
|[`VisualStudioCodeCredential`][ref_VisualStudioCodeCredential]| Authenticates as the user signed in to the Visual Studio Code Azure Account extension. | [VS Code Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
225
226
226
227
> __Note:__ All credential implementations in the Azure Identity library are threadsafe, and a single credential instance can be used by multiple service clients.
227
228
228
229
## Environment variables
230
+
229
231
[`DefaultAzureCredential`][ref_DefaultAzureCredential] and [`EnvironmentCredential`][ref_EnvironmentCredential] can be configured with environment variables. Each type of authentication requires values for specific variables:
230
232
231
233
#### Service principal with secret
234
+
232
235
|Variable name|Value
233
236
|-|-
234
237
|`AZURE_CLIENT_ID`|ID of an Azure AD application
235
238
|`AZURE_TENANT_ID`|ID of the application's Azure AD tenant
236
239
|`AZURE_CLIENT_SECRET`|one of the application's client secrets
237
240
238
241
#### Service principal with certificate
242
+
239
243
|variable name|Value
240
244
|-|-
241
245
|`AZURE_CLIENT_ID`|ID of an Azure AD application
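Review bot: the header of the "Service principal with certificate" table is still `|variable name|Value` in lowercase, while the "Service principal with secret" table above uses `|Variable name|Value`. Since this hunk already normalizes the spacing under these headings, capitalize that header in the same change. The `AzureDeveloperCliCredential` row now uses `[ref_AzureDeveloperCliCredential]`, so that label also needs a definition in the reference list, which is not visible in the hunks shown.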
@@ -245,6 +249,7 @@ Not all credentials require this configuration. Credentials which authenticate t
245
249
|`AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`|(optional) send certificate chain in x5c header to support subject name / issuer based authentication
246
250
247
251
#### Username and password
252
+
248
253
|Variable name|Value
249
254
|-|-
250
255
|`AZURE_CLIENT_ID`|ID of an Azure AD application
@@ -255,11 +260,13 @@ Not all credentials require this configuration. Credentials which authenticate t
255
260
Configuration is attempted in the above order. For example, if values for a
256
261
client secret and certificate are both present, the client secret will be used.
257
262
258
-
## Token Caching
263
+
## Token caching
264
+
259
265
Token caching is a feature provided by the Azure Identity library that allows apps to:
260
-
- Cache tokens.
261
-
- Improve resilience and performance.
262
-
- Reduce the number of requests made to Azure Active Directory (Azure AD) to obtain access tokens.
266
+
267
+
* Cache tokens in memory (default) or on disk (opt-in).
268
+
* Improve resilience and performance.
269
+
* Reduce the number of requests made to Azure Active Directory (Azure AD) to obtain access tokens.
263
270
264
271
The Azure Identity library offers both in-memory and persistent disk caching. For more details, see the [token caching documentation](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/samples/TokenCache.md)
265
272
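Review bot: the rewritten first bullet, `* Cache tokens in memory (default) or on disk (opt-in).`, now says the same thing as the unchanged sentence right after the list ("The Azure Identity library offers both in-memory and persistent disk caching"). Consider reducing that sentence to the pointer to the token caching documentation, and add the missing period after the link. The list marker also changes from `-` to `*` here; check that this matches the marker used in the rest of the README.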
@@ -268,6 +275,7 @@ The Azure Identity library offers both in-memory and persistent disk caching. Fo
268
275
See the [troubleshooting guide](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/TROUBLESHOOTING.md) for details on how to diagnose various failure scenarios.
269
276
270
277
### Error handling
278
+
271
279
Errors arising from authentication can be raised on any service client method which makes a request to the service. This is because the first time the token is requested from the credential is on the first call to the service, and any subsequent calls might need to refresh the token. In order to distinguish these failures from failures in the service client Azure Identity classes raise the `AuthenticationFailedException` with details to the source of the error in the exception message as well as possibly the error message. Depending on the application these errors may or may not be recoverable.
272
280
273
281
```c#
@@ -330,12 +338,13 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions
330
338
};
331
339
```
332
340
333
-
334
341
### Thread safety
342
+
335
343
We guarantee that all credential instance methods are thread-safe and independent of each other ([guideline](https://azure.github.io/azure-sdk/dotnet_introduction.html#dotnet-service-methods-thread-safety)).
336
344
This ensures that the recommendation of reusing credential instances is always safe, even across threads.
[Accessing the response](https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/core/Azure.Core/README.md#accessing-http-response-details-using-responset) |
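Review bot: the context line at the end of this hunk links to `blob/master/sdk/core/Azure.Core/README.md`, while the token caching and troubleshooting links elsewhere in this diff use `blob/main`. As this is a README cleanup pass, update that link to `blob/main` as well. Separately, the note earlier in the file spells it "threadsafe" and this section uses "thread-safe"; pick one spelling.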
@@ -356,6 +365,7 @@ This library doesn't currently support scenarios relating to the [Azure AD B2C](
356
365
Open issues for the `Azure.Identity` library can be found [here](https://github.com/Azure/azure-sdk-for-net/issues?q=is%3Aissue+is%3Aopen+label%3AAzure.Identity).
357
366
358
367
## Contributing
368
+
359
369
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
360
370
361
371
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
@@ -371,36 +381,35 @@ This project has adopted the [Microsoft Open Source Code of Conduct][code_of_con